Privacy Policy
Last updated: April 27, 2026 · Effective: April 27, 2026
1. Who we are
Split & Pay (“the App”, “we”, “us”) is an independent mobile application published by Baris Taskiran (“the developer”), a sole proprietor based in Vermont, United States. You can reach us at rbtaskiran@gmail.com.
2. Our promise in one paragraph
Split & Pay is local-first. The bill history, preferences, known people, and split drafts you create stay on your device by default. We do not embed third-party analytics, advertising, or session-replay SDKs in the app. We do not sell, rent, or share your data with marketing partners. The only personal data that leaves your device is what is required to make a feature you opted into actually work — and we list every such case below.
3. Data we process
a. Stored on your device only
- Bill drafts, history, and per-person settlement state
- Saved “known people” (name, optional handles)
- App preferences, theme, currency, language
- Receipt photos captured during scanning (we do not retain copies after OCR)
- Recently copied payment handles
b. Sent to our backend (Firebase) only when you use that feature
We use Google Firebase (operated by Google LLC) for the optional cloud features below. Each is gated by you taking an explicit action:
- Anonymous sign-in & account profile — when you first open the app, an anonymous Firebase Authentication user is created so we can address your data without asking for an email or password. Linking Apple Sign-In is optional.
- Handle, display name, and payment handles — if you claim a public handle (e.g. @you) or save Venmo/Cash App/Zelle/PayPal identifiers, those are stored against your user document so friends can look you up.
- Friends and friend requests — friend edges and pending requests are stored in our Realtime Database and Firestore so they sync across your devices and reach the other person.
- Live rooms — when you host or join a live room, the bill draft, participant list, and per-item claims are written to our Realtime Database for the duration of the room. Rooms are auto-abandoned after extended inactivity.
- Payment requests & settlement notifications — a record of who owes whom for which bill, and the push notifications sent when something is requested, confirmed, or settled.
- Bill history sync — opt-in cross-device mirror of your local bill history into your private user document.
- Push notification tokens — your device's FCM/APNs token (an opaque identifier) so we can deliver notifications you enabled.
- Receipt OCR — when you tap “Scan” and capture a photo, the image is uploaded to a Google Cloud Function we operate, sent to Google Cloud Vision for OCR, and discarded after the line items are returned. We do not store a copy of the image.
- Subscription receipts — RevenueCat (operated by RevenueCat, Inc.) handles purchase validation and entitlement state. The Apple/Google receipt and your purchase events are mirrored into your user document for restore and support.
- Device profile — when you sign in we record a device entry (platform, OS version, app version, language, timezone, region, IP at the moment of the request, last seen) so you can review and revoke access from other devices in Settings → Devices.
c. Permissions you may grant the app
- Camera — to scan receipts. Frames stay on device until you explicitly run OCR.
- Contacts — only when you tap “From Contacts” to autofill a friend's phone number or payment handle. We read the contacts you select; we do not upload your address book.
- Location (when in use) — only when you tap a restaurant picker that needs your current location to surface nearby places. We do not store or transmit your coordinates; they are passed to the local map provider for the search and discarded.
- Face ID / Touch ID / device passcode — used locally to unlock your saved bill history if you enable App Lock. Biometric data never leaves the OS-managed enclave.
- Notifications — to deliver friend requests, payment events, and live-room activity.
d. We do not collect
- Behavioral or usage analytics via third-party SDKs.
- Advertising identifiers (IDFA / AAID).
- Your address book in bulk.
- Background location.
- Microphone audio.
- Health, fitness, biometric, or financial-account data.
4. Why we process this data (legal bases)
For users in the EEA / UK, our legal bases under GDPR are:
- Contract — providing the App and the optional Pro subscription you purchased.
- Legitimate interests — keeping the service secure, preventing abuse of live rooms, and operating the backend at all.
- Consent — for any feature that requires a system permission (camera, contacts, location, notifications) and for the optional anonymous daily ping.
- Legal obligation — responding to lawful requests we are required to honor.
5. How long we keep data
- On-device data: as long as the app is installed, until you delete it or use Settings → Privacy → “Clear local data”.
- Cloud user document, friends, and bills: until you tap Settings → Privacy → “Forget me”, which deletes your user document, friends, devices, and pending requests, and signs you out.
- Live rooms: deleted on settle or auto-abandoned after extended inactivity (currently 24 hours).
- Receipt OCR uploads: not retained after the parse completes.
- Purchase events: retained for the duration of your subscription plus the period required by Apple, Google, and RevenueCat for dispute and refund handling.
- Server logs (Firebase / Cloud Functions): up to 30 days for security and abuse investigation, then rotated.
6. Sub-processors
The following providers process limited data on our behalf:
- Google Firebase (Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Messaging) — backend storage, sync, and push delivery. Data resides in Google's US regions.
- Google Cloud Vision — receipt OCR, called from our Cloud Function only when you scan.
- RevenueCat — subscription receipt validation and entitlement state.
- Apple App Store / Google Play — purchase processing, push delivery infrastructure, store reviews.
- Google Places (optional) — restaurant search, when you tap the restaurant picker.
We do not knowingly transfer your data outside these providers. None of them act as independent controllers of Split & Pay data.
7. International transfers
Our backend providers are based in the United States and may process data in their global infrastructure. Where required, we rely on the providers' Standard Contractual Clauses, the EU-US Data Privacy Framework (where applicable), and equivalent legal mechanisms.
8. Your rights
You can exercise these rights directly inside the app:
- Access & portability — your bill history lives on your device; export options are in Settings.
- Rectification — edit your handle, display name, and payment methods in Settings → Account.
- Erasure — Settings → Privacy → “Forget me” deletes your cloud profile, friends, devices, and pending requests.
- Withdraw consent — revoke camera, contacts, location, or notification permission in your OS settings at any time.
- Object / restrict — write to us at the email below.
Residents of California (CCPA/CPRA), the EEA, the UK, and other jurisdictions with comparable privacy laws have the same rights and may also lodge a complaint with their local data protection authority. We do not sell or share personal information for cross-context behavioral advertising.
9. Children
Split & Pay is rated for users 4+ but is not directed at children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
10. Security
We rely on the encryption-in-transit and at-rest provided by Google Firebase and Apple/Google in-app purchase infrastructure. Access to backend data is restricted by per-user Firestore Security Rules and Realtime Database rules. We do not, and cannot, read your bill drafts on the server — they live on your device.
11. Changes
We will update this policy when we add new features that change what data we process. Material changes are surfaced in-app on your next launch. Continued use of the App after a change means you accept the updated policy.
12. Contact
Privacy questions, data requests, or anything else: rbtaskiran@gmail.com. We aim to respond within 30 days.